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DETAILED ACTION 

Claims 1-22, 24-46, and 48-49 are pending, of which claims 1-6, 14-22, 24-30, 
38-46, and 48-49 were drawn to elected claims. Claims 4-5, 14-15, 17, 20, 22, 25-30, 
38-39, 41-41, 45-46, and 49 were noted by applicant as amended. Claims 23 and 47 
were cancelled. Amendments by applicant have been fully noted. Please note new 
rejections made in light of these amendments below. As per MPEP 2144.03, any well 
known art statements made in the prior office action not adequately or specifically 
traversed by applicant are taken as admittance of prior art. 

Priority 

Applicant's comments and corrections related to the priority of the application 
have been noted. 

Response to Arguments 

Applicant's arguments have been fully noted. The following arguments 
addressed below were not found to be persuasive. 

With respect to the 112, second paragraph rejection of claim 1 , applicant argues 
that the rejection in the prior office action is incorrect since it is clear that a hash value of 
a trust entity certificate is provided as part of the TIO and that associated trust 
information is provided as part of the TIO. The examiner respectfully disagrees that the 
rejection was in error. In light of this explanation of what applicant meant to state in 
claim 1 , the examiner now is able to determine that there are commas missing from the 
claim 1 which caused the claim to be indefinite. Without these commas, the limitation 
addressed did not make grammatical sense, thus the meaning was unclear. Further 
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explanation is provided below. Note that similar limitations have been amended onto 
claims 46 and 49 and like claim 1, the amended limitation in each claim are indefinite 
due to missing commas. The rest of the 112, second paragraph rejections are moot 
due to applicant's amendments. 

As per 101 rejections of claims 1-6, applicant argues that claim 1 is directed 
towards a method for delivering certificate with associated trust information from a trust 
information provider to a client for verification of a received certificate by the client. The 
examiner notes that this is the intended practical application of claim 1 . Applicant 
argues the result is clear from the claim and that the client receives a TIO including the 
hash value of a trust entity certificate as well as associated trust information. Applicant 
argues this is a concrete, useful, and tangible result. Applicant also argues that other 
concrete, useful, and tangible result of claim 1 includes the TIO based trust information 
received by the client enables the client to verify received certificates.... The examiner 
respectfully disagrees that any of these items pointed to by applicant is a concrete, 
useful, and tangible result. As previously noted, the intended practical application of the 
method is delivering certificate with associated trust information from a trust information 
provider to a client for verification of a received certificate by the client. As applicant 
has defined a TIO in the specification, a TIO is not necessarily a certificate, thus neither 
steps recited in claim 1 has accomplished the intended practical application. That is, 
the client never received the certificates from a trust information provider nor has the 
client verified a certificate. Thus, there is no concrete, useful, and tangible result that is 
commiserate with what is recited as the intended practical application. A similar 
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traversal applies to applicant's argument for claims 14 and its dependent claims as well 
as claims 46, 48 and 49. That is, none of what applicant points to as a concrete, useful, 
and tangible result are commiserate with what is recited as the intended practical 
application of the method being claimed. Further, using claim 1 as a representative 
claim once more, one skilled should appreciate that merely providing a client with an 
object does not yield a useful or tangible result. There is a useful and tangible result 
when the client does something with the object provided, whether it be storing the object 
or using the object to accomplish some task. To use an analogy, one could be 
instructed of a method to stop a person's hunger by providing lunch. The steps of this 
method could be making a burger and providing the burger to the person. However, 
until the person eats the burger, there is no concrete, useful, or tangible result that is 
commiserate with the intended practical application of stopping the person's hunger by 
providing lunch. 

As per the other 101 rejections, applicant has amended the claims so that per se 
descriptive material is not claimed. This overcomes the previous 101 rejections, but 
please note new 101 rejections below that are made in light of these amendments. 

As per the 103 rejections, applicant uses claim 1 as a representative claim and 
argues that Fischer does not disclose indicating a trust level for a trusted entity 
associated with a trust entity certificate. Applicant argues that instead, Fischer 
discloses that a certifier creates a certificate which includes a trust level and that the 
trust level in the created certificate is associated with the individual to which the 
certificate is sent. That is Fischer merely teaches construction of a certificate having 
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trust level associated with a user who will use the certificate for exchanging secure 
transactions. The examiner notes that there is nothing recited in the claim which 
prevents a user from being considered a trusted entity. A broad but reasonable 
interpretation of "trusted entity" can include a user since any entity that has trust 
associated with it is a "trusted entity". As applicant admits, the user has a trust level 
associated with him/her. Please note that although the claims are interpreted in light of 
the specification, limitations from the specification are not read into the claims. See In 
re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Applicant's 
remaining 103 arguments are essentially the same as what was presented for claim 1 
and are traversed for the same reasons given herein. 

Observations with Regards to Apparatus Claims 

Note that claims directed to apparatus must be distinguished from the prior art in 
terms of structure rather than function. In re Danley, 120 USPQ 528, 531 (CCPA 1959). 
"Apparatus claims cover what a device is, not what a device does." (Emphasis in 
original) Hewlett-Packard Co. v. Bausch & Lomb Inc., 15 USPQ2d 1525, 1528 (Fed. 
Cir. 1990). A claim containing a "recitation with respect to the manner in which a 
claimed apparatus is intended to be employed does not differentiate the claimed 
apparatus from a prior art apparatus" if the prior art apparatus teaches all the structural 
limitations of the claim. Ex parte Masham, 2 USPQ2d 1647 (Bd. Pat. App. & Inter. 
1987). 
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Expressions relating the apparatus to contents thereof during an intended 
operation are of no significance in determining patentability of the apparatus claim." Ex 
parte Thibault, 164 USPQ 666, 667 (Bd. App. 1969). Furthermore, "[inclusion of 
material or article worked upon by a structure being claimed does not impart 
patentability to the claims." In re Young, 75 F.2d, 25 USPQ 69 (CCPA 1935) (as 
restated in In re Otto, 312 F.2d 937, 136 USPQ 458, 459 (CCPA 1963)). "The manner 
or method in which such machine is to be utilized is not germane to the issue of 
patentability of the machine itself. In re Casey, 370 F.2d 576, 152 USPQ 235 (CCPA 
1967). 

Claim Objections 

Claim 20 is objected to because of the following informalities: Claim 20 recites 
"the initial TIO" and "said initial TIO". The examiner respectfully requests applicant 
consistently use either "said" or "the" in referring to objects because inconsistently using 
"said" and "the" when referring to the same object seems to imply what are being 
referred to are different objects. Appropriate correction is required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1-6, 24, 26-30, 39-45-46, and 48-49 are rejected under 35 U.S.C. 112, 

second paragraph, as being indefinite for failing to particularly point out and distinctly 

claim the subject matter which applicant regards as the invention. 
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1 . As per claim 1 , the limitation "providing as part of said TIO a hash value of a trust 
entity certificate and associated trust information indicating a level of trust for a 
trusted entity associated with said trust entity certificate" was rejected as being 
indefinite in the prior office action. This rejection is maintained. In light of 
comments by applicant, the examiner believes that applicant meant to recite the 
following: "providing, as part of said TIO, a hash value of a trust entity certificate 
and associated trust information, indicating a level of trust for a trusted entity 
associated with said trust entity certificate". Note that without the commas added 
by the examiner, the clause is grammatically incorrect, thus rendering the 
meaning of the clause indefinite. 

2. Limitations in amended claims 46 and 49 are also rejected for being indefinite. for 
the same reason explained above for claim 1 . As per claim 46, the examiner 
believes that applicant meant the following: "providing, within said TIO, a hash 
value of a trust entity certificate and associated trust information, indicating a 
level of trust for a trusted entity associated with said trusted entity certificate". As 
per claim 49, the examiner believes applicant meant the following: "providing, as 
part of said TIO, a hash value of a public key embedded in a certificate that 
represents a trusted entity and trust information, indicating a level of trust for the 
trusted entity associated with said certificate". 

3. As per claims 24, 26-30, and 39-45, note that the claims are directed at an 
apparatus. The patentability of an apparatus is defined by its structure rather 
than what it does or any materials worked on by the apparatus. The claims do 
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not further define the structure of the apparatus as claimed in their respective 
parent claims, thus it does not appear that what is recited in the claims further 
limit the parent claims since the limitations recited therein either define what the 
apparatus does or material worked on by the apparatus. 
4. Any claims not specifically addressed are rejected by virtue of dependency. 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1-6, 14-22, 24-30, 38-46, and 48-49 are rejected under 35 U.S.C. 101 
because the claimed invention is directed to non-statutory subject matter. 

1. Claim 1 is directed towards a method which lacks a concrete, useful, and 
tangible result, therefore is non-statutory. Claims 2-6 are dependent on claim 1 
and also do not recite a concrete, useful, and tangible result, thus are also non- 
statutory. 

2. Claim 14 is directed towards a method which lacks a concrete, useful, and 
tangible result, therefore is non-statutory. Claims 15-20, which are dependent on 
claim 14, also do not recite any concrete, useful, and tangible result. 

3. Claim 22 is directed towards an apparatus comprising a client. One skilled 
should appreciate that a client can be implemented as software per se. Software 
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by itself is not statutory. Applicant must claim at least one hardware (without a 
purely software alternative) as part of the structure of the claimed apparatus for 
claim 22 to be statutory. Claim 24 also appears to be directed towards software 
per se, thus is not statutory. 

4. Claim 25 is directed towards an apparatus comprising a client, which as 
discussed in claim 22 is software per se, thus is not statutory. Claims 26-30 also 
are directed towards software per se, thus are not statutory. 

5. Like claims 22 and 25, claim 38 and its dependent claims are directed towards 
software per se, thus are not statutory. 

6. Claim 46 is directed towards a method which lacks a concrete, useful, and 
tangible result, therefore is non-statutory. Claim 48 is dependent on claim 46 
and also does not recite a concrete, useful, and tangible result, thus is also non- 
statutory. 

7. Claim 49 is directed towards a method which lacks a concrete, useful, and 
tangible result, therefore is non-statutory. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
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applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 22, 24-30, and 38-45 are rejected under 35 U.S.C. 102(a/e) as being 
anticipated by Samar (US 6,304,974). 
Claim 22: 

As per claim 22, Samar discloses an apparatus comprising a client (Fig 1, item 

118). 

Note that phrase "for receiving a trust information object (TIO) associated with 
said client" indicates an intended use of the client, but does not define the structure of 
the apparatus, thus does not have patentable weight. The clause which begins "said 
TIO comprising a hash value..." describes a material worked on by the client, but as 
observed above, materials worked on by an apparatus does not define the structure of 
the apparatus, thus does not have patentable weight. 
Claim 24: 

As per claim 24, the limitations recited therein further define the TIO. However, 
the TIO is not a structure which the apparatus of claim 22 comprises. Rather, the TIO is 
a material worked on by the apparatus, thus the limitations further recited in claim 22 do 
not further limit the structure of the claimed apparatus of claim 22. As such, claim 24 is 
rejected for the same reasons given in claim 22. 
Claim 25: 

As per claim 25, Samar discloses an apparatus comprising a client (Fig 1, item 

118). 
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Note that the phrase "for receiving a trust information object (TIO) associated 
with said client" indicates an intended use of the client, thus is not given patentable 
weight. The wherein clause recited in claim 25 defines the TIO, but because the TIO is 
not a structure of the claimed apparatus, the wherein clause does not carry patentable 
weight. 

Claims 26-30: 

Claims 26-30 do not further define the structure of the claimed apparatus of claim 
25, thus nothing further recited in claims 26-30 have patentable weight. Claims 26-30 
are rejected for the same reasons given in claim 25. 
Claim 38: 

As per claim 38, Samar discloses an apparatus comprising a client (Fig 1, item 
118) having embedded therein a trust information object (col 5, lines 19-27). 

The phrase that the TIO comprises "a hash value of a trust entity certificate and 
associated trust information indicating a level of trust for a trusted entity associated with 
said trust entity certificate" defines a material worked on by the client, i.e. the TIO, thus 
does not have patentable weight. One skilled should appreciate that a TIO is a type of 
data, thus if a client is able to have one type of data embedded within it, it is capable of 
having any other type of data embedded within it. Thus, the structure of the TIO does 
not in any way define the structure of the apparatus. 

The two wherein clauses recited in claim 38 define something the client does and 
something a different apparatus than the one being claimed does, thus also do not have 
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patentable weight. Note that as recited, a server is not being claimed as part of the 
apparatus of claim 38. 

Note further that as per MPEP 21 1 1 .04, claim language such as wherein clauses 
that suggests or makes optional but does not require steps to be performed, or by claim 
language that does not limit a claim to a particular structure does not further limit a 
claim, thus does not carry patentable weight. The two wherein clauses of claim 38 also 
do not carry patentable weight in light of what is disclosed in MPEP 21 1 1.04 since 
neither clause further limits the structure of the apparatus. 
Claims 39-45: 

Claims 39-45 do not further define the structure of the claimed apparatus. 
Instead, the limitations further recited therein either define a material worked on by the 
claimed apparatus or define what the apparatus does. As the patentability of an 
apparatus depends on its structure, claims 39-45 are rejected for the same reasons 
given in claim 38. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 1-4, 6, 14-21, 46, and 48-49 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Samar (US 6,304,974) in view of Vogel et al (US 6,816,900) and 
further in view of Fischer (US 4,868,877). 
Claim 1: 

Samar discloses the limitations of providing a trust information object (TIO) to 
said client (col 5, lines 19-61). Note that TIO is a broad term and can read on the wallet 
disclosed by Samar (Fig 2), directory service (Fig 1 , item 1 10), digital certificates, 
signatures, or anything else that provides trust information. 

Samar does not explicitly disclose providing as part of said TIO a hash value of a 
trust entity certificate and associated trust information indicating a level of trust for a 
trusted entity associated with said trust entity certificate. However, Vogel discloses 
providing as part of said TIO a hash value of a trust entity certificate and associated 
trust information (col 2, lines 27-37) and Fischer discloses indicating a level of trust for a 
trusted entity associated with said trust entity certificate (col 4, lines 24-37; col 4, line 
34-col 5, line 8; and Fig 5, item 116). 

At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill to incorporate Vogel and Fischer's teachings within Samar's invention 
according to the limitation recited in claim 1 . One of ordinary skill would have been 
motivated to incorporate Vogel's teachings because the use of hashes would allow for 
an easy way to organize certificates listed in Samar's TIO, i.e. the wallet or directory 
service. Note Vogel disclosed that the hash values in the certificate list are used to 
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verify the integrity of the certificates and to indicate which are to be removed or modified 
(col 2, lines 48-52). One of ordinary skill would have incorporated Fisher's teachings by 
indicating a level of trust for a trusted entity associated with said trust entity certificate. 
One of ordinary skill would have been motivated to do so because it is common in the 
art of computing to not only define whether something should be trusted, but just how 
much it should be trusted. This is the reason, for example, that there are multiple types 
of user accounts available for an operating system, i.e. administrators, power users, 
regular users, restricted users, etc. 
Claim 2: 

Samar further discloses wherein said TIO comprises any of: a trusted entity's 
certificate; a trust vector of said trusted entity's certificate; a value indicating a number of 
signatures required for a next update; a date said TIO is created; and a digital signature 
of all data including said certificate, trust vector, number of signatures, and timestamp, 
contained in said TIO (Fig 2). 
Claims 3: 

The limitation of wherein said hash value is determined using any of MD5 and 
SHA-1 is obvious to Samar's modified invention as it is disclosed by Vogel (col 7, lines 
45-63). 
Claim 4: 

The limitation of wherein said TIO conforms to the PKCS#7 standard is obvious 
to Samar's modified invention as Vogel discloses the PKCS#7 standard being used to 
sign messages (col 7, lines 37-44). It would have been obvious to have the TIO in 
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Samar's modified invention conform to the PKCS#7 standard because the PKCS#7 
standard offers a high level of security. 
Claims 6: 

Samar does not explicitly disclose saving a copy of said TIO in a persistent 
memory during said client's build time. However, the examiner asserts that it was well 
known in the art to save a copy of a TIO in a persistent memory during said client's build 
time, i.e. certificates, passwords, or keys are often assigned to a client when the client is 
built and saved in static memory to prevent the information from being lost when the 
client loses power. 

At the time applicant's invention was made, it would have been obvious to further 
modify Samar's invention such that a copy of the TIO was saved in a persistent memory 
during said client's build time. One of ordinary skill would have been motivated to do so 
because it was common to assign trust information to a client during build time and to 
save it in persistent memory to prevent lost of the information due to power failure. 
Claim 14: 

Samar discloses the limitations of: 

1 . Embedding a trust information object (TIO) within said client (col 5, lines 19-61 
and col 6, lines 27-35). 

2. Said client connecting to said server to determine whether a new TIO is available 
(col 8, lines 26-39). 

3. Said server sending a new TIO to said client if there is a more recent TIO (col 8, 
lines 39-44). 
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Samar does not disclose said TIO comprising a hash value of a trust entity 
certificate and associated trust information indicating a level of trust for a trusted entity 
associated with said trust entity certificate. However, Vogel discloses said TIO 
comprising a hash value of a trust entity certificate and associated trust information (col 
2, lines 27-37) and Fischer discloses indicating a level of trust for a trusted entity 
associated with said trust entity certificate (col 4, lines 24-37; col 4, line 34-col 5, line 8; 
and Fig 5, item 116). At the time applicant's invention was made, it would have been 
obvious to one of ordinary skill in the art to modify Samar's invention using Vogel and 
Fischer's teachings according to the limitations recited in claim 14. One of ordinary skill 
would have been motivated to incorporate Vogel and Fischer's teachings within Samar 
for the same reasons given in claim 1. 
Claim 15: 

Samar further discloses sending a TIO including a signing certificate to said 
client, wherein trust information of said signing certificate indicates that said signing 
certificate can be trusted for signing said TIO (col 4, lines 31-42). 
Claim 16: 

Samar further discloses wherein said client fetches said TIO from a trusted 
server, said client ensuring that a root certificate that signed said signing certificate is 
contained in said TIO (Fig 5). 

Samar does not disclose said root certificate is not revocable. However, the 
examiner asserts that non-revocable certificates were well known in the art at the time 
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applicant's invention was made. It would have been obvious to one of ordinary skill in 
the art to modify Samar' s invention such that the root certificate was not revocable 
because it would indicate a high level of trust for the user of the root certificate. 
Claim 17: 

Samar further discloses wherein said client verifies a digital signature of said TIO 
with a signing certificate, along with a TIO sent to said client (col 5, lines 46-51 and col 
7, lines 17-23). 
Claim 18: 

Samar does not explicitly disclose wherein multiple signatures are verified, 
depending on the number of signatures specified in said TIO; wherein said client 
hashes said signing certificates one by one; and wherein if proper results are found in 
said TIO and said certificates are trusted for signing said TIO, then said TIO proves that 
it was not tampered with. 

However, Vogel discloses wherein multiple signatures are verified, depending on 
the number of signatures specified in a TIO (col 8, lines 9-17). Vogel also does not 
explicitly disclose wherein if proper results are found in said TIO and said certificates 
are trusted for signing said TIO, then said TIO proves that it was not tampered with. 
However, the purposes of signatures are to verify and validate. If proper results are 
found for the signatures, then by definition, the TIO has proven that it was not tampered 
with. 

It would have been obvious to one of ordinary skill to modify Samar's invention 
according to the limitation recited in claim 18 in light of Vogel's teachings because it 
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would allow one to determine which signatures and certificates stored in the TIO needs 
to be replaced due to possible security breaches. 
Claim 19: 

Samar does not explicitly disclose wherein said signing certificates exist in said 
TIO in said client before said TIO is signed. However, the purpose of signing is to 
validate an object. It is well known that a certificate authority would not casually sign an 
object if it did not verify the object first. If it did so, then anything signed by the 
certificate authority would not be trustworthy as anyone familiar with the CA would 
understand that the CA has a habit of not verifying before signing. Thus to truly validate 
the TIO by signing it, the signing certificate must exist in said TIO in said client before 
the CA signs it. At the time applicant's invention was made, it would have been obvious 
to one of ordinary skill to further modify Samar's invention according to the limitations 
recited in claim 19 because it would provide for trustworthy validation. 
Claim 20: 

Samar does not disclose wherein said TIO is delivered to said client via a 
broadcast channel; wherein a provider delivers an initial TIO to said client that contains 
a signing certificate and associated trust information by either of including said signing 
certificate in the initial TIO saved in a client persistent memory, or by sending the initial 
TIO to said client through a secure channel before using said broadcast channel. 

However, the examiner asserts that the limitation is well known in the art, as 
discussed in the prior office action. At the time applicant's invention was made, it would 
have been obvious to one of ordinary skill to incorporate this teaching from the cable 
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broadcast industry in Samar's invention because sending a TIO via a broadcast channel 
is the quickest and cheapest way of distributing the same information to a large group of 
clients. One of ordinary skill would have been motivated to deliver an initial TIO to the 
client via a secure channel before using a broadcast channel as this would initially 
ensure that only authorized clients received subsequent TIO's. 
Claim 21: 

Samar does not disclose updating said TIO on a per session basis when said 
TIO is not persistently stored. However, this limitation is well known in the art of cable 
broadcasting. The TIO used to descramble certain premium shows, i.e. pay-per-view, 
shows are not stored persistently and must be updated on a per session basis. At the 
time applicant's invention was made, it would have been obvious to one of ordinary skill 
in the art to modify Samar's invention using this teaching from the cable broadcast 
industry because it would allow for subscription usage of TIO's. 
Claim 46: 

Claim 46 recites limitations substantially similar to what is recited in claim 1 and 
is rejected for substantially the same reasons. The difference is that where claim 1 
recites "providing a trust information object (TIO) to said client", claim 46 recites 
"receiving a trust information object (TIO) at said client". One skilled should appreciate 
that both phrases essentially mean the same thing. Another difference instead of 
reciting "providing, as part of said TIO...", claim 46 recites "providing, within said TIO...". 
However, once again both phrases essentially mean the same thing. 
Claim 48: 
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Samar further discloses said TIO comprising any of: a time stamp which 
indicates a date that said TIO is generated; a trust attribute that comprises trust 
information associated with an entity represented by its certificate; and a thumb print 
comprising a hash of a public key embedded in a certificate that represents a trusted 
entity (Fig 2). 
Claim 49: 

Samar discloses providing a trust information object (TIO) to said client (col 5, 
lines 19-61). 

Samar does not disclose providing, as part of said TIO, a hash value of a public 
key embedded in a certificate that represents a trusted entity and trust information, 
indicating a level of trust for the trusted entity associated with said certficate. However, 
Vogel discloses a hash value of a trust entity certificate (col 2, lines 27-37). Fischer 
discloses a public key embedded in certificate that represents a trusted entity (Fig 5). 
Fischer discloses indicating a level of trust for a trusted entity associated with said trust 
entity certificate (col 4, lines 24-37; col 4, line 34-col 5, line 8; and Fig 5, item 1 16) 

At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill in the art to modify Samar's invention according to the limitations recited in 
claim 49 in light of Vogel and Fischer's teachings. One of ordinary skill would have 
been motivated to incorporate Vogel and Fischer's teachings for the same reasons 
given in claim 1 . Note that it would have been obvious to provide a hash value of the 
public key because it would provide a way to verify that the public key belonged to the 
proper entity. 
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Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Samar 
(US 6,304,974) in view of Vogel et al (US 6,816,900) and Fischer (US 4,868,877) and 
further in view of applicant's admittance of prior art. 
Claims 5: 

Samar does not explicitly hard coding a TIO derived from a set of root certificate 
authority (CA) certificates into said client's software. However, applicant discloses that 
at the time applicant's invention was made, it was a common approach in the art to hard 
code a TIO into a client's software (p2, lines 4-6). Further, the examiner asserts that it 
was also well known in the art to derive a TIO from a set of root CA certificates. This 
was disclosed by Vogel (col 4, lines 5-37), thus is obvious to Samar's modified 
invention. 

At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill to further modify Samar's invention by hard coding a TIO derived from a 
set of root CA certificates into said client's software. One of ordinary skill would have 
been motivated to hard code a TIO into a client's software because as applicant 
discloses in the specification, it was a common approach in the art to provide 
associated trust information (p2, lines 4-6). 



Conclusion 
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Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ponnoreay Pich whose telephone number is 571-272- 
7962. The examiner can normally be reached on 9:00am-4:30pm Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Ponnoreay Pich 
Examiner 
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